Docker is the specific platform and toolset that popularized containerization. While "containerization" is the general concept (the theory), Docker is the actual software (the tool) you install to make it happen.
Think of it this way: Containerization is "MP3", and Docker is "iTunes" or "Spotify".
Here is a breakdown of how Docker works, its core terminology, and the basic commands you need to know.
1. The Core Concepts (The "Big Three")
To understand Docker, you only need to understand three distinct stages. Think of it like baking a cake.
| Concept | Analogy | Description |
|---|---|---|
| Dockerfile | The Recipe | A simple text file containing instructions on how to build your application (e.g., "Use Python 3.9," "Copy these files," "Open port 80"). |
| Image | The Mold | The read-only template created from the Dockerfile. It contains your code, libraries, and OS settings frozen in time. You cannot "run" an image directly; you use it to create containers. |
| Container | The Cake | The running instance of an Image. It is alive, writable, and doing work. You can bake (run) 100 cakes (containers) from a single mold (image). |
2. Docker Architecture
Docker uses a Client-Server architecture. When you type a command in your terminal, you aren't actually doing the work; you are telling a background process to do it.
-
The Client (Docker CLI): This is your terminal where you type
docker run. It sends instructions to the Daemon. - The Daemon (Dockerd): The background process running on your computer. It listens for orders and does the heavy lifting (building, running, and distributing containers).
- The Registry (Docker Hub): A cloud library where people store and share Images (like GitHub, but for binaries).
3. The Workflow
This is the standard lifecycle of a Docker application:
-
Write: You create a
Dockerfilein your project folder. - Build: You tell Docker to read the recipe and bake an Image.
- Run: You tell Docker to use that Image to start a Container.
4. Cheat Sheet: Essential Commands
If you are just starting, these are the commands you will use 90% of the time.
docker build -t my-app .Meaning: "Read the Dockerfile in this folder (
.) and build an image namedmy-app."docker run -p 3000:3000 my-appMeaning: "Start a container from the
my-appimage. Connect port 3000 on my laptop to port 3000 inside the container."docker psMeaning: "Show me a list of all currently running containers."
docker stop <container_id>Meaning: "Gracefully shut down the specific container."
docker pull python:3.9Meaning: "Download the official Python 3.9 image from Docker Hub so I don't have to build it myself."
5. Docker vs. Docker Compose
You will often hear about Docker Compose.
- Docker: Great for running one container (e.g., just your Python app).
-
Docker Compose: Great for running multiple connected containers (e.g., your Python app + a database + a web server) using a single file (
docker-compose.yml) and one command.
The architecture of Docker uses a Client-Server model. It consists of three main components: the Client (the interface you use), the Host (the server that does the work), and the Registry (where images are stored).
Here is the detailed breakdown of the architecture components and how they interact.
1. The Core Components
A. Docker Client (The Interface)
The client is the primary way you interact with Docker. When you use commands like docker build, docker pull, or docker run in your terminal, you are using the Docker Client.
- Role: It sends commands to the Docker Daemon (Server) via a REST API.
- Location: It can run on the same machine as the daemon or on a remote machine connecting to a remote daemon.
B. Docker Host (The Engine)
The Docker Host is the machine (server or laptop) where the containers actually run. It contains the Docker Engine, which is made up of several critical sub-components that work together to run your applications.
-
Docker Daemon (
dockerd): This is the persistent background process that listens for API requests from the Client. It manages the high-level objects like images, containers, networks, and volumes. -
containerd: A high-level container runtime. The daemon talks to
containerdto manage the lifecycle of a container (pulling images, starting/stopping containers). - runc: A low-level container runtime. It is the tool that actually creates the container using Linux kernel features (Namespaces and Cgroups).
-
shim: A small process that sits between
containerdandrunc. It allows the container to keep running even if the Docker Daemon restarts (daemonless containers).
C. Docker Registry (The Library)
The registry is a stateless, scalable storage system for Docker Images.
-
Docker Hub: The default public registry. When you run
docker pull nginx, Docker looks here by default. - Private Registries: Companies often host their own private registries (like AWS ECR, Azure ACR, or JFrog Artifactory) to store proprietary code securely.
2. How the Components Work Together (The Workflow)
When you run a command like docker run nginx, the following architectural flow happens:
-
Client: The CLI sends a request to the Docker Daemon (
dockerd) via the API. -
Daemon: Checks if the
nginximage exists locally. - Registry: If the image is missing, the Daemon pulls it from the Registry (Docker Hub).
-
containerd: The Daemon commands
containerdto start a container. -
runc:
containerdusesruncto interact with the OS kernel and create the isolated environment (namespaces/cgroups). -
Running: The container starts, and
runcexits, leaving theshimto manage the running process.
3. Key Docker Objects
The architecture is designed to manage these four specific objects:
- Images: Read-only templates with instructions to create a container.
- Containers: Runnable instances of an image.
- Networks: Interfaces that allow containers to talk to each other and the internet.
- Volumes: Persistent storage data that survives even if the container is deleted.
A Dockerfile is a plain text file that contains a set of instructions for building a Docker Image.
If a Docker Image is a "frozen snapshot" of an application, the Dockerfile is the script that creates that snapshot. It automates the process of installing the operating system, setting up the environment, copying your code, and installing dependencies.
Here is a comprehensive breakdown of how it works, its key commands, and the concept of "layers."
1. The Analogy: The Recipe
Think of a Dockerfile like a recipe card for a cake.
- The Dockerfile: The list of steps ("Preheat oven," "Add flour," "Mix eggs").
- The Build Process: The act of following the steps.
- The Image: The final baked cake, ready to be eaten (run).
Without a Dockerfile, you would have to manually log into a server and type commands one by one to set it up. With a Dockerfile, you write the commands once, and Docker executes them automatically.
2. Basic Syntax
A Dockerfile uses a simple syntax: INSTRUCTION argument. The instruction is always in uppercase (by convention).
Here are the most common instructions you will use:
| Instruction | Meaning | Example |
|---|---|---|
FROM |
The Base. Every Dockerfile starts with this. It defines the underlying OS or runtime you are building upon. | FROM python:3.9 |
WORKDIR |
The Setup. Creates a directory inside the image and "cd" (changes directory) into it. | WORKDIR /app |
COPY |
The Transfer. Copies files from your computer (host) into the image. |
COPY . . (Copy everything here to there) |
RUN |
The Action. Executes a command during the build process. Used to install libraries. | RUN pip install flask |
ENV |
The Variable. Sets environment variables (like passwords or debug modes). | ENV PORT=8080 |
EXPOSE |
The Window. Documents which port the application will use (informational). | EXPOSE 8080 |
CMD |
The Startup. The command that runs when the Container starts. | CMD ["python", "app.py"] |
3. A Real-World Example
Here is what a complete Dockerfile looks like for a simple Python application.
# 1. Start with a lightweight Linux version that has Python installed
FROM python:3.9-slim
# 2. Create a folder named 'app' and move into it
WORKDIR /app
# 3. Copy just the requirements file first (for caching efficiency)
COPY requirements.txt .
# 4. Install the dependencies listed in the file
RUN pip install -r requirements.txt
# 5. Now copy the rest of the application code
COPY . .
# 6. Tell Docker this app runs on port 5000
EXPOSE 5000
# 7. Define the command to start the app
CMD ["python", "main.py"]
4. Advanced Concept: Layers & Caching
One of the most important concepts to understand for interviews or advanced usage is Layers.
Every time Docker executes an instruction (like RUN or COPY), it creates a new Layer.
- Layers are stacked on top of each other like pancakes.
-
Caching: This is why Docker is fast. If you change your code but don't change your
requirements.txt, Docker realizes it has already built the layers for steps 1-4. It reuses the cached layers and only rebuilds from step 5 onwards. This makes rebuilding an image incredibly fast.
This is a comprehensive reference guide to Docker commands, categorized by function. It covers everything from basic container management to advanced networking and system cleanup.
1. Container Management (The Basics)
These are the commands you will use 90% of the time to create, stop, and delete containers.
| Command | Description | Example |
|---|---|---|
docker run |
Creates and starts a container. | docker run -d -p 80:80 nginx |
docker ps |
Lists currently running containers. | docker ps |
docker ps -a |
Lists all containers (running & stopped). | docker ps -a |
docker stop |
Gracefully stops a running container. | docker stop <container_id> |
docker start |
Starts a stopped container. | docker start <container_id> |
docker restart |
Stops and then starts a container. | docker restart <container_id> |
docker rm |
Deletes a stopped container. | docker rm <container_id> |
docker rm -f |
Forcefully deletes a running container. | docker rm -f <container_id> |
docker kill |
Instantly stops a container (like pulling the plug). | docker kill <container_id> |
Key Flags for docker run:
-
-d: Detached mode (Run in background). -
-p: Port mapping (e.g.,-p 8080:80maps host port 8080 to container port 80). -
-v: Volume mounting (e.g.,-v /home/data:/app/data). -
--name: Assign a custom name to the container. -
-it: Interactive terminal (used for entering the container shell). -
--rm: Automatically remove the container when it stops.
2. Interaction & Debugging
Commands to see what is happening inside a container.
| Command | Description | Example |
|---|---|---|
docker logs |
View the logs (output) of a container. | docker logs -f <container_id> |
docker exec |
Run a command inside a running container. | docker exec -it <id> /bin/bash |
docker inspect |
View detailed JSON configuration (IP, paths, env). | docker inspect <container_id> |
docker stats |
Live view of CPU, RAM, and Net usage. | docker stats |
docker top |
List processes running inside the container. | docker top <container_id> |
docker cp |
Copy files between host and container. | docker cp file.txt <id>:/app/ |
3. Image Management
Commands to manage the "blueprints" (Images).
| Command | Description | Example |
|---|---|---|
docker build |
Build an image from a Dockerfile. | docker build -t my-app:v1 . |
docker images |
List all local images. | docker images |
docker pull |
Download an image from Docker Hub. | docker pull python:3.9 |
docker rmi |
Delete a local image. | docker rmi <image_id> |
docker tag |
Create a new tag (alias) for an image. | docker tag my-app:v1 my-app:latest |
docker push |
Upload an image to a registry (e.g., Docker Hub). | docker push myuser/my-app:v1 |
docker history |
Show the history (layers) of an image. | docker history <image_id> |
docker save |
Save an image to a .tar archive. |
docker save -o image.tar my-app |
docker load |
Load an image from a .tar archive. |
docker load -i image.tar |
4. Volume Management (Storage)
Commands to manage persistent data.
| Command | Description | Example |
|---|---|---|
docker volume create |
Create a new named volume. | docker volume create my_data |
docker volume ls |
List all volumes. | docker volume ls |
docker volume inspect |
specific info about a volume (e.g., path on disk). | docker volume inspect my_data |
docker volume rm |
Remove a specific volume. | docker volume rm my_data |
docker volume prune |
Remove all unused volumes. | docker volume prune |
5. Network Management
Commands to manage how containers talk to each other.
| Command | Description | Example |
|---|---|---|
docker network create |
Create a user-defined network. | docker network create my-net |
docker network ls |
List all networks. | docker network ls |
docker network inspect |
Show which containers are on a network. | docker network inspect my-net |
docker network connect |
Connect a running container to a network. | docker network connect my-net <id> |
docker network rm |
Remove a network. | docker network rm my-net |
docker network prune |
Remove all unused networks. | docker network prune |
6. System Cleanup (Pruning)
Warning: These commands are destructive. They help free up disk space.
| Command | Description |
|---|---|
docker system prune |
Removes stopped containers, unused networks, and dangling images. |
docker system prune -a |
Deep clean. Removes all unused images, not just dangling ones. |
docker container prune |
Removes all stopped containers. |
docker image prune |
Removes only dangling images. |
7. Docker Compose (Multi-Container)
If you are using a docker-compose.yml file, use these commands instead of standard Docker commands.
| Command | Description |
|---|---|
docker-compose up |
Builds, creates, starts, and attaches to containers for a service. |
docker-compose up -d |
Starts the services in background (detached) mode. |
docker-compose down |
Stops and removes containers, networks, and volumes defined in the file. |
docker-compose logs -f |
Follows the logs of the services. |
docker-compose ps |
Lists the running containers for the current project. |
docker-compose build |
Rebuilds the services (useful if you changed the Dockerfile). |
Top comments (0)